Oracle has patched 25 security issues in Java, 20 of which are exploitable through the browser. Twenty-four of the vulnerabilities can be exploited remotely without authentication. Every three months the company releases patches for vulnerabilities in its products, and this time 154 vulnerabilities were patched, 25 of them in Java.
The quarterly update is called the Critical Patch Update. This time it fixes vulnerabilities in Java 6u101, 7u85 and 8u60, as well as issues in Oracle Database, Sun Systems Product Suite, Fusion Middleware, VirtualBox, E-Business Suite and many other applications.
Due to the critical nature of the vulnerabilities, Oracle advises users to install the patches as soon as possible. So far no exploits for the vulnerabilities have been found in the wild, but according to Oracle, cyber criminals often reverse engineer patches to see what changed. The company writes: “Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches.”
The company therefore strongly recommends always staying up to date and applying Critical Patch Update fixes as soon as possible.